It was nice to hear that my friend (and very good guy) Johan Rambi from large utility Alliander (based in The Netherlands) was playing such an active role. And this note below reminds everyone that ICS security is not only an energy or power sector problem. As Joe tells it:
Jeffrey Smith from American Axle gave a great presentation about how they have secured (or very significantly improved security) in their factories world-wide. What I felt was so important is their focus was on productivity and worker safety. Security was simply a threat that needed to be addressed so they could operate safely and efficiently.
This is reminiscent of others who point to the two goals one finds most highly valued in a power co, reliability and safety, and urge the security community to tie physical and cybersecurity tightly to those domains from messaging and business case perspectives.
Security practices are funded and run not merely to check compliance boxes, but to give businesses and government orgs Confidentiality, Integrity, and Availability (CIA) for their systems, networks, apps and data ... so they can continue to pursue their missions with confidence and efficiency.
Or to call out a potential ICS-specific update to the perennial security triad the conference produced: adding O for Operational Controls. For this very important and highly specialized domain, it might make sense to reverse the prioritized order of CIA and get the O in there too: AIOC. Ayy-Awk.
This blog shares important information on ICS/SCADA security. I found this blog post very helpful. Thanks for sharing.